The sad state of cyber security readiness

Just 17 per cent of UK business leaders see cyber security as a major priority, compared to 41 per cent in the US, research from BT has revealed.

The research, which assessed attitudes to cyber security and levels of preparedness among IT decision makers, highlights that UK businesses are lagging behind their US counterparts in crucial areas. Just one in five (21 per cent) respondents in the UK are able to measure the ROI of their cyber security measures compared to nine in ten (90 per cent) US companies. Similarly, 86 per cent of US directors and senior decision makers are given IT security training, compared to just 37 per cent in the UK.

[Chart: Respondents who believe their CEO’s attitude towards cyber security is “protection against cyber-attack is an absolute priority”, by country (base: all respondents)]

More than half (58 per cent) of IT decision-makers globally stated that their boards underestimate the importance of cyber security. This figure increases to 74 per cent in the US but drops to 55 per cent in the UK.

The difference in levels of preparedness correlates with attitudes to threats. Non-malicious insider threats (e.g. accidental loss of data) are currently the most commonly cited security concern globally, being reported as a serious threat by 65 per cent of IT decision makers. In the UK this falls to 60 per cent and is followed by malicious insider threats (51 per cent), hacktivism (37 per cent), organised crime (32 per cent), nation states (15 per cent) and terrorism (12 per cent).

In the US the proportion of IT decision makers who see non-malicious insider threats as a severe threat increases to 85 per cent and is followed by malicious insider threats (79 per cent), hacktivism (77 per cent), organised crime (75 per cent), terrorism (72 per cent) and nation states (70 per cent).

Looking ahead, more than half of global IT decision makers believe that hacktivism (54 per cent) and malicious insider threats (53 per cent) will pose a greater risk over the next 12 months. In the US this increases to 73 per cent and 74 per cent respectively. This compares to 29 per cent and 23 per cent in the UK. Globally, terrorism is seen as the threat least likely to pose more risk over the next 12 months.

[Chart: Cyber security threats posing risk now and posing more risk over the coming year (base: all respondents)]

Mark Hughes, CEO of BT Security, said: “The research provides a fascinating insight into the changing threat landscape and the challenge this poses for organisations globally. The massive expansion of employee-owned devices, cloud computing and extranets has multiplied the risk of abuse and attack, leaving organisations exposed to a myriad of internal and external threats – malicious and accidental.

“US businesses should be celebrated for putting cyber security on the front foot. The risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone.”

In response to emerging threats, three quarters (75 per cent) of IT decision makers globally say they would like to overhaul their infrastructure and design it with security features from the ground up. 74 per cent would like to train all staff in cyber security best practice. Similarly, just over half (54 per cent) say they would like to engage an external vendor to monitor the system and prevent attacks.

Hughes added: “As the threat landscape continues to evolve, CEOs and board level executives need to invest in cyber security and educate their people in the IT department and beyond. The stakes are too high for cyber security to be pushed to the bottom of the pile.”